Banking on Insecurity: Why Attackers Can Take the Money and Run

Presented at Hackfest 2017, Nov. 3, 2017, 4:30 p.m. (Unknown duration).

This is the ongoing fairytale of securing financial institutions. So many banks in so little time. We should expect cyber attacks on financial institutions because it's just so much easier to pillage online than to coordinate a get-away car, guns and comfortable ski masks. Over the past year, exploits against banks have seriously upped the game: jackpotting ATMs, DDoS, messing with trusted messengers. The recent attacks on Polish banks initially went unnoticed. That's a mistake we can't afford to make, but the attackers are banking on it. When source code revealed that a much bigger player was involved, everyone jumped in. But that was days later. What are we missing because we choose to see what we expect, instead of what is really there? After last year's massive breaches, and some significant financial attacks, financial organizations need to be prepared. The attackers aren't just going after the money. They want the data too.


Presenters:

  • Cheryl Biswas / 3ncr1pt3d as Cheryl Biswas
    Cheryl Biswas, aka @3ncr1pt3d, is a Project Manager, Cyber Security, with an offensive security firm in Toronto, Canada. Recently, she was a Cyber Security Consultant with a a Big4 firm and worked on GRC, privacy, breaches, and DRP. Armed with a degree in Poli Sci, she engineered a backdoor into an IT role with CP Rail's helpdesk over 20 years ago, and went on to initiate the security role within JIG Technologies, an MSP. Her areas of interest include APTs, mainframes, ransomware, ICS SCADA, and building threat intel. She actively shares her passion for security in blogs, in print, on podcasts, and speaking at conferences.

Links:

Similar Presentations: